Export limit exceeded: 364427 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26315 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25128 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-04-18 | 7.5 High |
| fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points (e.g., `�` or `�`). This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Version 5.3.4 fixes the issue. | ||||
| CVE-2026-1691 | 2 Adlered, Bolo-blog | 2 Bolo-solo, Bolo-solo | 2026-04-18 | 6.3 Medium |
| A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-22778 | 2 Vllm, Vllm-project | 2 Vllm, Vllm | 2026-04-18 | 9.8 Critical |
| vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1. | ||||
| CVE-2026-25222 | 2 Polarlearn, Polarnl | 2 Polarlearn, Polarlearn | 2026-04-18 | 7.5 High |
| PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint, an attacker can distinguish between valid and invalid email addresses. This occurs because the server only performs the computationally expensive Argon2 password hashing if the user exists in the database. Requests for existing users take significantly longer (~650ms) than requests for non-existent users (~160ms). | ||||
| CVE-2026-24936 | 1 Asustor | 2 Adm, Data Master | 2026-04-18 | 9.8 Critical |
| When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can overwrite critical system files, leading to a complete system compromise. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1. | ||||
| CVE-2026-24664 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-04-18 | 5.3 Medium |
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been patched in version 4.2. | ||||
| CVE-2026-24427 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-04-18 | 5.5 Medium |
| Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile. | ||||
| CVE-2026-1580 | 1 Kubernetes | 1 Ingress-nginx | 2026-04-18 | 8.8 High |
| A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2026-20980 | 1 Samsung | 2 Android, Mobile Devices | 2026-04-18 | 6.8 Medium |
| Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands. | ||||
| CVE-2026-20981 | 1 Samsung | 2 Android, Mobile Devices | 2026-04-18 | 6.6 Medium |
| Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege. | ||||
| CVE-2026-25475 | 1 Openclaw | 1 Openclaw | 2026-04-17 | 6.5 Medium |
| OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. This issue has been patched in version 2026.1.30. | ||||
| CVE-2026-25514 | 2 Facturascripts, Neorazorx | 2 Facturascripts, Facturascripts | 2026-04-17 | 8.8 High |
| FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in the CodeModel::all() method where user-supplied parameters are directly concatenated into SQL queries without sanitization or parameterized binding. This issue has been patched in version 2025.81. | ||||
| CVE-2026-25513 | 2 Facturascripts, Neorazorx | 2 Facturascripts, Facturascripts | 2026-04-17 | 8.8 High |
| FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy() method where user-supplied sorting parameters are directly concatenated into the SQL ORDER BY clause without validation or sanitization. This affects all API endpoints that support sorting functionality. This issue has been patched in version 2025.81. | ||||
| CVE-2026-25523 | 1 Openmage | 1 Magento | 2026-04-17 | 5.3 Medium |
| Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1. | ||||
| CVE-2026-24916 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-2055 | 2 D-link, Dlink | 6 Dir-605l, Dir-619l, Dir-605l and 3 more | 2026-04-17 | 5.3 Medium |
| A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-25723 | 2 Anthropic, Anthropics | 2 Claude Code, Claude Code | 2026-04-17 | 6.5 Medium |
| Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled. This issue has been patched in version 2.0.55. | ||||
| CVE-2026-25650 | 1 Smn2gnt | 2 Mcp-salesforce, Mcp Salesforce Connector | 2026-04-17 | 7.5 High |
| MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10. | ||||
| CVE-2026-1727 | 1 Google | 1 Gemini | 2026-04-17 | N/A |
| The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use. All versions after December 12th, 2025 have been updated to protect from this vulnerability. No user action is required for this. | ||||
| CVE-2026-2113 | 2 Tpadmin Project, Yuan1994 | 2 Tpadmin, Tpadmin | 2026-04-17 | 7.3 High |
| A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||